Five Steps to Securing Data on Data Privacy Day

What’s so special about 28 January? It’s Data Privacy and Protection Day, an international event created to promote the need for personal and business data protection across the globe. Businesses of all sizes can benefit from clear, actionable tips on how to improve their data security.

Here are five steps you can take to celebrate Data Privacy and Protection Day and improve your security plan.

Step #1: Learn where your data lives. You can’t complete your security plan until you know exactly what you’re protecting and where it’s stored. The best way to do that is to use an up-to-date centralised information map. Most businesses store data on multiple media types: local disks, disk-based backup systems, offsite on tape and in the cloud. Each technology and format requires its own type of protection.

Step #2: Implement a need-to-know policy. To minimise the risk of human error (or curiosity), create policies that limit access to particular types of information. Designate access based on airtight job descriptions. Also, be sure to automate access-log entries so no one who’s accessed a particular data set goes undetected.

Step #3: Beef up your network security. Your network is almost certainly protected by a firewall and antivirus software. But are those tools up-to-date and comprehensive enough to get the job done? New malware definitions are released daily, and it’s up to your antivirus software to keep pace with them.

The bring-your-own-device philosophy is here to stay, and your IT team must extend its security umbrella over smartphones and tablets that employees use for business purposes. And start planning to protect sensitive data that can be collected by wearable devices.

Step #4: Monitor and inform your data’s lifecycle. By creating a data lifecycle management plan, you can ensure the secure destruction of old and obsolete data. As part of this process you should:

Identify the data you must protect, and for how long

Build a multi-pronged backup strategy that includes offline and offsite tape backups

Assess the consequences of an attack, then address the vulnerabilities revealed in this exercise

Take paper files into account, since they can also be stolen

Inventory all hardware that could possibly house old data and securely dispose of old copiers and fax machines, as well as outdated voicemail systems

Step #5: Educate everyone. Data security is ultimately about people. Every employee must understand the risks and ramifications of data breaches and know how to prevent them, especially as data attacks increase.

Talk with your employees about vulnerabilities such as cleverly disguised malware and web links in unsolicited emails. Encourage them to speak up if their computers start functioning oddly. Build a security culture in which everyone understands the critical value of your data.

Leave A Comment

About the author

Sue Trombley, Managing Director of Thought Leadership at Iron Mountain, has more than 25 years of information governance consulting experience. Prior to her current role, Trombley led Iron Mountain’s Consulting group responsible for business development, managing a team of subject matter experts, and running large engagements. Trombley holds a Master’s degree in Library and Information Science and is an ARMA certified Information Government Professional. She sits on the AIIM International Board, the University of Texas at Austin of School of Information Advisory Council, and is VP of the Boston ARMA chapter. Sue is a frequent speaker at association events, a published author, and frequent blogger on industry trends and issues at http://blogs.ironmountain.co.uk/author/sue-trombley/ and at http://blogs.ironmountain.com/author/strombley/.
sue.trombley@ironmountain.com

All data and information provided on this blog is for informational purposes only. Iron Mountain makes no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis.